November 7, 2017 at 5:20 am
I have 1 host running 10 SQL Instances. Each SQL Server Service runs under it's own Domain service account.
However, the one SSIS service on the host runs under the same domain service account as one (probably the first installed) of the database engines. I don't really like this as it infers that the SSIS service is only for or related to the one SQL Instance with the same service account and not all the instances.
So, my question: Should we create a new Domain Service Account specifically for the SSIS service or just use NT AUTHORITY\NETWORK SERVICE?
November 7, 2017 at 11:07 am
planetmatt - Tuesday, November 7, 2017 5:20 AMI have 1 host running 10 SQL Instances. Each SQL Server Service runs under it's own Domain service account.However, the one SSIS service on the host runs under the same domain service account as one (probably the first installed) of the database engines. I don't really like this as it infers that the SSIS service is only for or related to the one SQL Instance with the same service account and not all the instances.
So, my question: Should we create a new Domain Service Account specifically for the SSIS service or just use NT AUTHORITY\NETWORK SERVICE?
It depends on your needs really. MS used to generally recommend domain accounts but according to their latest documentation, they recommend using managed service accounts or virtual accounts when possible - refer to the Security Note section:
Configure Windows Service Accounts and Permissions
That article has most of the information needed regarding the service accounts. I still generally use domain accounts but that's out of habit more than anything else. If you do end up using Network Service, for network permissions don't forget that network access is done using the computer account.
Sue
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply